36
Bill’s Story
Bill provisions instance of
aforementioned “datastore”,
“data schema” & “middleware”.
Bill instantiates request for either
partial (CCDA) or full (all data) PHI
from provider under HIPAA
Individuals Right to Access their
Health Information 45 CFR § 164.524
via “middleware” component
• Now completely electronically via
SSI (issue before was providing
electronic identity)
Provider has 30 days to respond via
available electronic mode (e.g. Direct
API, Email, Fax).
Provider communicates partial or full
PHI via available electronic medium.
“middleware” component interfaces
via provider’s selected electronic
medium
“middleware” performs any
transformations for data
normalization (e.g. HL7 v2.* HL7
FHIR) via pre-existing mappings to
conform to “data schema” (i.e. FHIR
Resources)
“middleware” then stores personal
health information as FHIR
resources, physicalized in agent
“datastore” that supports HIPAA /
HITECH compliance
Bill is able to move data to covered
entities (e.g. New providers) and
persona data storage devices (e.g.
Apple “Health Records”) via FHIR C-
CDA
If Bill would like to send entire
medical records to qualified third-
parties while maintaining the
protections offered by HIPAA /
HITECH legislation, Bill is able to
extend the Cloud Solution Provider
(CSP) Business Associate
Agreement (BAA) to ensure his
sensitive information maintains civic
protections.